dnssec-dsfromkey.docbook revision 0c27b3fe77ac1d5094ba3521e8142d9e7973133f
6bdda696b3ea703c47e87fea61017ec655f91d92nd<!--
6bdda696b3ea703c47e87fea61017ec655f91d92nd - Copyright (C) 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
6bdda696b3ea703c47e87fea61017ec655f91d92nd -
6bdda696b3ea703c47e87fea61017ec655f91d92nd - This Source Code Form is subject to the terms of the Mozilla Public
6bdda696b3ea703c47e87fea61017ec655f91d92nd - License, v. 2.0. If a copy of the MPL was not distributed with this
6bdda696b3ea703c47e87fea61017ec655f91d92nd - file, You can obtain one at http://mozilla.org/MPL/2.0/.
6bdda696b3ea703c47e87fea61017ec655f91d92nd-->
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd<!-- Converted by db4-upgrade version 1.0 -->
6bdda696b3ea703c47e87fea61017ec655f91d92nd<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-dsfromkey">
6bdda696b3ea703c47e87fea61017ec655f91d92nd <info>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <date>2012-05-02</date>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </info>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <refentryinfo>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <corpname>ISC</corpname>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </refentryinfo>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <refmeta>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <refentrytitle><application>dnssec-dsfromkey</application></refentrytitle>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <manvolnum>8</manvolnum>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <refmiscinfo>BIND9</refmiscinfo>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </refmeta>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <refnamediv>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <refname><application>dnssec-dsfromkey</application></refname>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <refpurpose>DNSSEC DS RR generation tool</refpurpose>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </refnamediv>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <docinfo>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <copyright>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <year>2008</year>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <year>2009</year>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <year>2010</year>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <year>2011</year>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <year>2012</year>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <year>2014</year>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <year>2015</year>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <year>2016</year>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </copyright>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </docinfo>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <refsynopsisdiv>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <cmdsynopsis sepchar=" ">
6bdda696b3ea703c47e87fea61017ec655f91d92nd <command>dnssec-dsfromkey</command>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-1</option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-2</option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-C</option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="req" rep="norepeat">keyfile</arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </cmdsynopsis>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <cmdsynopsis sepchar=" ">
6bdda696b3ea703c47e87fea61017ec655f91d92nd <command>dnssec-dsfromkey</command>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="req" rep="norepeat">-s</arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-1</option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-2</option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-s</option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-A</option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="req" rep="norepeat">dnsname</arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </cmdsynopsis>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <cmdsynopsis sepchar=" ">
6bdda696b3ea703c47e87fea61017ec655f91d92nd <command>dnssec-dsfromkey</command>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-h</option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <arg choice="opt" rep="norepeat"><option>-V</option></arg>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </cmdsynopsis>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </refsynopsisdiv>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <refsection><info><title>DESCRIPTION</title></info>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para><command>dnssec-dsfromkey</command>
6bdda696b3ea703c47e87fea61017ec655f91d92nd outputs the Delegation Signer (DS) resource record (RR), as defined in
6bdda696b3ea703c47e87fea61017ec655f91d92nd RFC 3658 and RFC 4509, for the given key(s).
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </refsection>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <refsection><info><title>OPTIONS</title></info>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <variablelist>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-1</term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd Use SHA-1 as the digest algorithm (the default is to use
6bdda696b3ea703c47e87fea61017ec655f91d92nd both SHA-1 and SHA-256).
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-2</term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd Use SHA-256 as the digest algorithm.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-a <replaceable class="parameter">algorithm</replaceable></term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd Select the digest algorithm. The value of
6bdda696b3ea703c47e87fea61017ec655f91d92nd <option>algorithm</option> must be one of SHA-1 (SHA1),
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg SHA-256 (SHA256), GOST or SHA-384 (SHA384).
6bdda696b3ea703c47e87fea61017ec655f91d92nd These values are case insensitive.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-C</term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd Generate CDS records rather than DS records. This is mutually
6bdda696b3ea703c47e87fea61017ec655f91d92nd exclusive with generating lookaside records.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-T <replaceable class="parameter">TTL</replaceable></term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd Specifies the TTL of the DS records.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg <term>-K <replaceable class="parameter">directory</replaceable></term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg Look for key files (or, in keyset mode,
6bdda696b3ea703c47e87fea61017ec655f91d92nd <filename>keyset-</filename> files) in
6bdda696b3ea703c47e87fea61017ec655f91d92nd <option>directory</option>.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-f <replaceable class="parameter">file</replaceable></term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd Zone file mode: in place of the keyfile name, the argument is
6bdda696b3ea703c47e87fea61017ec655f91d92nd the DNS domain name of a zone master file, which can be read
6bdda696b3ea703c47e87fea61017ec655f91d92nd from <option>file</option>. If the zone name is the same as
6bdda696b3ea703c47e87fea61017ec655f91d92nd <option>file</option>, then it may be omitted.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd If <option>file</option> is set to <literal>"-"</literal>, then
6bdda696b3ea703c47e87fea61017ec655f91d92nd the zone data is read from the standard input. This makes it
6bdda696b3ea703c47e87fea61017ec655f91d92nd possible to use the output of the <command>dig</command>
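6bdda696b3ea703c47e87fea61017ec655f91d92nd command as input. Note that <command>dnssec-dsfromkey</command>
6bdda696b3ea703c47e87fea61017ec655f91d92nd converts whatever DNSKEY records it is given and does not itself
6bdda696b3ea703c47e87fea61017ec655f91d92nd authenticate them, so keys fetched over the network should be
6bdda696b3ea703c47e87fea61017ec655f91d92nd confirmed through a trusted channel before the resulting DS
6bdda696b3ea703c47e87fea61017ec655f91d92nd records are published. For example: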
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <userinput>dig dnskey example.com | dnssec-dsfromkey -f - example.com</userinput>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-A</term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg Include ZSKs when generating DS records. Without this option,
6bdda696b3ea703c47e87fea61017ec655f91d92nd only keys which have the KSK flag set will be converted to DS
6bdda696b3ea703c47e87fea61017ec655f91d92nd records and printed. Useful only in zone file mode.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-l <replaceable class="parameter">domain</replaceable></term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd Generate a DLV set instead of a DS set. The specified
6bdda696b3ea703c47e87fea61017ec655f91d92nd <option>domain</option> is appended to the name for each
6bdda696b3ea703c47e87fea61017ec655f91d92nd record in the set.
6bdda696b3ea703c47e87fea61017ec655f91d92nd The DNSSEC Lookaside Validation (DLV) RR is described
6bdda696b3ea703c47e87fea61017ec655f91d92nd in RFC 4431. This is mutually exclusive with generating
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg CDS records.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-s</term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd Keyset mode: in place of the keyfile name, the argument is
6bdda696b3ea703c47e87fea61017ec655f91d92nd the DNS domain name of a keyset file.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-c <replaceable class="parameter">class</replaceable></term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg Specifies the DNS class (default is IN). Useful only
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg in keyset or zone file mode.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg <term>-v <replaceable class="parameter">level</replaceable></term>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd Sets the debugging level.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-h</term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd Prints usage information.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg <varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <term>-V</term>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd Prints version information.
6bdda696b3ea703c47e87fea61017ec655f91d92nd </para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </listitem>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </varlistentry>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </variablelist>
6bdda696b3ea703c47e87fea61017ec655f91d92nd </refsection>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <refsection><info><title>EXAMPLE</title></info>
6bdda696b3ea703c47e87fea61017ec655f91d92nd
6bdda696b3ea703c47e87fea61017ec655f91d92nd <para>
6bdda696b3ea703c47e87fea61017ec655f91d92nd To build the SHA-256 DS RR from the
6bdda696b3ea703c47e87fea61017ec655f91d92nd <userinput>Kexample.com.+003+26160</userinput>
keyfile name, the following command would be issued:
</para>
<para><userinput>dnssec-dsfromkey -2 Kexample.com.+003+26160</userinput>
</para>
<para>
The command would print something like:
</para>
<para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</userinput>
</para>
</refsection>
<refsection><info><title>FILES</title></info>
<para>
The keyfile can be designated by the key identification
<filename>Knnnn.+aaa+iiiii</filename> or the full file name
<filename>Knnnn.+aaa+iiiii.key</filename> as generated by
<citerefentry><refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
</para>
<para>
The keyset file name is built from the <option>directory</option>,
the string <filename>keyset-</filename> and the
<option>dnsname</option>.
</para>
</refsection>
<refsection><info><title>CAVEAT</title></info>
<para>
A keyfile error can be reported as "file not found" even if the file exists.
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 3658</citetitle>,
<citetitle>RFC 4431</citetitle>,
<citetitle>RFC 4509</citetitle>.
</para>
</refsection>
</refentry>